👣 Prerequisites

Prepare before the workshop

To ensure a seamless workshop experience, complete the following checklist items in order.

Set up a GitHub account

Log in to your GitHub account.

You may create a new GitHub account, if you do not already have one. (1)

  1. 💡 Clicking the button below opens the page in a new tab, where you can create a new GitHub account. Keep your @handle handy after you have logged in.

Create a new GitHub account



Clone the workshop project to your own account

  1. Create workshop project
  2. In the new tab, most of the prompts will automatically fill in for you and the default settings should be fine. Otherwise...

  3. After creation of your new repository has begun, wait about 20 seconds, then refresh the page.



Enable Discussions

  1. On GitHub.com, navigate to the main page of your new repository.
  2. Under your repository name, click Settings.
  3. Scroll down to the "Features" section and click Set up discussions.



Configure base security

  1. Navigate to the Settings tab on your new workshop repository.
  2. Under the "Security" section of the menu, select Code security and analysis. Then configure the settings to match as follows (by clicking Enable where the option is/becomes available).

    Further configurations guide...

    • Dependabot version updates

      When enabling, you will be prompted to edit the .github/dependabot.yml configuration file. Simply navigate back on your browser or click on Cancel changes to leave the prompt, and to continue the base security configuration.

    • CodeQL analysis

      1. From the Set up menu, select the Default option.
      2. Leave the default settings in the prompt that follows, and simply click on Enable CodeQL to continue.
    • Protection rules

      Select the configuration as shown below.



Register a GitHub App

  1. In the upper-right corner of any page on GitHub, click your profile photo.
  2. Navigate to your account Settings.
  3. In the left sidebar, click Developer settings.
  4. In the left sidebar, click GitHub Apps
  5. Click New GitHub App

    Provide the form field values as follows:

    GitHub App Name..........: <YOUR-HANDLE>-bot
    
    Homepage URL.............: https://github.com/<YOUR-HANDLE>/github-devsecops-fundamentals
    
    Webhook
      Active.................: DESELECT
    
    Repository permissions
      Actions................: Read and write
      Administration.........: Read and write
      Contents...............: Read and write
      Deployments............: Read and write
      Discussions............: Read and write
      Environments...........: Read and write
      Pages..................: Read and write
    
    Where can this GitHub App be installed?
      Any account.................: SELECT
    
  6. Generate a private key for the new GitHub App as documented in 👀 here.

  7. Save the GitHub App private key to your new repository's secrets under the name of APP_PRIVATE_KEY_ACTIONS_ASSISTANT.

    👀 Creating secrets for a repository.

  8. Save the GitHub App's App ID to your new repository's variables under the name of APP_ID_ACTIONS_ASSISTANT.

    👀 Creating configuration variables for a repository

  9. Go to https://github.com/apps/<YOUR-HANDLE>-bot. Install the app in the repository you created earlier.

What is the use of a GitHub App?

When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.

If you do want to trigger a workflow from within a workflow run, you can use a GitHub App installation access token or a personal access token instead of GITHUB_TOKEN to trigger events that require a token.

If you use a GitHub App, you'll need to create a GitHub App and store the app ID and private key as secrets.

~ Triggering a workflow from a workflow

During the course of the workshop exercises, you will discover how the GitHub App is used to trigger the automatic deployment of release artifacts.
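
The pattern described above, as an added example that is not part of the workshop project: a workflow that exchanges the stored App ID and private key for an installation token and pushes a tag with it, so that workflows triggered by tag pushes will run. The file name, the `tag` input and the choice of the `actions/create-github-app-token` action are assumptions; only the secret and variable names come from this page.

```yaml
# .github/workflows/tag-release.yml (hypothetical file name, added example)
name: Tag release (example)

on:
  workflow_dispatch:
    inputs:
      tag:
        description: "Tag to create, e.g. v0.0.1"
        required: true

# The default GITHUB_TOKEN is not used for writes in this job; keep it read-only.
permissions:
  contents: read

jobs:
  tag:
    runs-on: ubuntu-latest
    steps:
      # Exchange the App ID and private key for a short-lived installation token.
      - name: Mint GitHub App installation token
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ vars.APP_ID_ACTIONS_ASSISTANT }}
          private-key: ${{ secrets.APP_PRIVATE_KEY_ACTIONS_ASSISTANT }}

      # Check out with the App token so that git push authenticates as the App.
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          token: ${{ steps.app-token.outputs.token }}

      # A push made with the App token emits a normal push event, so workflows
      # listening for tag pushes will start. The same push made with
      # GITHUB_TOKEN would not create a new workflow run.
      - name: Push tag
        env:
          TAG: ${{ inputs.tag }}  # passed via env, not interpolated into the script
        run: |
          git tag "$TAG"
          git push origin "$TAG"
```

The job-level `permissions` block limits only the GITHUB_TOKEN; what the App token can do is bounded by the repository permissions granted when the App was registered.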



Create a project board for the repository

  1. Open the recently created workshop repository.

  2. Navigate to the Projects tab.

  3. Open the Link a project dropdown menu, then select the New Project option.

  4. Click on the New project button to start the project creation wizard.

  5. Select the Team backlog template.
  6. Give a name to the project.
  7. Finally, click on the Create button.



Provision a new cloud development environment for the workshop

GitHub Codespaces enables you to instantly start coding on the workshop project. Personal accounts on GitHub can benefit from a free quota of GitHub Codespaces usage.

  1. Navigate to the Code tab.

  2. Open the Code menu and click on Create codespaces on main.

  3. Leave the Codespace development environment to initialize and run; we will come back to use it later.